extraOptions -> settings

2022-12-08 16:31:06 -08:00 · 2022-12-08 16:31:06 -08:00 · 2e07480473
parent 69541726aa
commit 2e07480473
1 changed files with 28 additions and 29 deletions
--- a/lib/fudo/grafana.nix
+++ b/lib/fudo/grafana.nix
@ -219,45 +219,44 @@ in {
            user = cfg.smtp.username;
            passwordFile = cfg.smtp.password-file;
          };
        };
-        extraOptions = mkIf (cfg.ldap != null) (let
+          ldap.auth = mkIf (cfg.ldap != null) (let
-          base = cfg.ldap.base-dn;
+            base = cfg.ldap.base-dn;
-          config-file = pkgs.writeText "grafana-ldap.toml" ''
+            config-file = pkgs.writeText "grafana-ldap.toml" ''
-            [[servers]]
+              [[servers]]
-            host = "${concatStringsSep " " cfg.ldap.hosts}"
+              host = "${concatStringsSep " " cfg.ldap.hosts}"
-            port = 389
+              port = 389
-            start_tls = true
+              start_tls = true
-            bind_dn = "uid=%s,ou=members,${base}"
+              bind_dn = "uid=%s,ou=members,${base}"
-            search_filter = "(uid=%s)"
+              search_filter = "(uid=%s)"
-            search_base_dns = [ "ou=members,${base}" ]
+              search_base_dns = [ "ou=members,${base}" ]
-            group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+              group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
-            group_search_base_dns = ["ou=groups,${base}"]
+              group_search_base_dns = ["ou=groups,${base}"]
-            group_search_filter_user_attribute = "uid"
+              group_search_filter_user_attribute = "uid"
-            [[servers.group_mappings]]
+              [[servers.group_mappings]]
-            group_dn = "cn=admin,ou=groups,${base}"
+              group_dn = "cn=admin,ou=groups,${base}"
-            org_role = "Admin"
+              org_role = "Admin"
-            grafana_admin = true
+              grafana_admin = true
-            [[servers.group_mappings]]
+              [[servers.group_mappings]]
-            group_dn = "cn=*,ou=groups,${base}"
+              group_dn = "cn=*,ou=groups,${base}"
-            org_role = "Viewer"
+              org_role = "Viewer"
-          '';
+            '';
-        in {
+          in {
          auth.ldap = {
            enabled = true;
            allow_sign_up = true;
            config_file = config-file;
-          };
+
-          # AUTH_LDAP_ENABLED = "true";
+            # AUTH_LDAP_ENABLED = "true";
-          # AUTH_LDAP_ALLOW_SIGN_UP = "true";
+            # AUTH_LDAP_ALLOW_SIGN_UP = "true";
-          # AUTH_LDAP_CONFIG_FILE = config-file;
+            # AUTH_LDAP_CONFIG_FILE = config-file;
-        });
+          });
        };
        database = {
          host = cfg.database.hostname;